Solved

Old objects in AD

Posted on 2007-12-03
6
245 Views
Last Modified: 2010-04-21
Hello,

I have some computer accounts in Active Directory that are probably no longer valid. I am looking for an easy way to scan and verify this so that they may be removed. It would be nice to find the last time they actually logged into the domain. Any ideas? Thanks!
0
Comment
Question by:jbyrd1981
6 Comments
 
LVL 4

Expert Comment

by:AGCIT
ID: 20400211
dsquery will do it. you have to have a critery though, like 90 days inactivity or such...

http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Admin/PruningOldComputerAccountsinAD.html

I recently wrote one for users
0
 
LVL 20

Accepted Solution

by:
Lazarus earned 500 total points
ID: 20400216
Use OLDCMP: you can get it at http://joeware.net works well for your needs. It's command line though.
0
 
LVL 20

Expert Comment

by:Lazarus
ID: 20400222
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 4

Expert Comment

by:AGCIT
ID: 20400231
(Spelling) Criteria. Sorry,

Echo off
FOR /F "TOKENS=1* DELIMS= " %%A IN ('DATE/T') DO SET CDATE=%%B
FOR /F "TOKENS=1,2 eol=/ DELIMS=/ " %%A IN ('DATE/T') DO SET mm=%%B
FOR /F "TOKENS=1,2 DELIMS=/ eol=/" %%A IN ('echo %CDATE%') DO SET dd=%%B
FOR /F "TOKENS=2,3 DELIMS=/ " %%A IN ('echo %CDATE%') DO SET yyyy=%%B
SET date=%mm%%dd%%yyyy%
dsquery user -Inactive 12 ou=exited,ou=employeeexits,dc=domain,dc=com -limit 0 > "M:\path\%date%.Xls" | DSRM -noprompt

In this case it was for users, 12 weeks inactive, log it into an excel sheet, and the DSRM is the remove automatically
0
 
LVL 1

Expert Comment

by:chipbunker
ID: 20400346
Without reinventing the wheel, I was able to find a couple sites that might assist you in retrieving the information you need to find the old computer accounts in active directory.

http://www.visualbasicscript.com/m_24625/mpage_1/key_/tm.htm
http://www.petri.co.il/forums/showthread.php?t=8973
0
 
LVL 1

Author Closing Comment

by:jbyrd1981
ID: 31412494
Thanks! I believe that this is what I was looking for.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
DNS Replication 12 68
Drive mapping problem 7 41
Recover options for a failed domain. 4 46
Block Active Directory users from logging into Synology DSM? 2 26
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question